Menu
I have a simple actionmethod, that returns some json. It runs on ajax.example.com. I need to access this from another site someothersite.com.
If I try to call it, I get the expected...:
Origin http://someothersite.com is not allowed by Access-Control-Allow-Origin. I know of two ways to get around this: JSONP and creating a custom HttpHandler to set the header.
Is there no simpler way?
Is it not possible for a simple action to either define a list of allowed origins - or simple allow everyone? Maybe an action filter?
Optimal would be...:
return json(mydata, JsonBehaviour.IDontCareWhoAccessesMe); 
847
First, we need to enable CORS in WebAPI, then we call the service from other application AJAX request. In order to enable CORS, we need to install the JSONP package from NuGet (see Figure3). After adding Jsonp package, we need to add the following code-snippet in App_Start\WebApiConfig. cs file.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
public class AllowCrossSiteJsonAttribute : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { filterContext.RequestContext.HttpContext.Response.AddHeader("Access-Control-Allow-Origin", "*"); base.OnActionExecuting(filterContext); } } [AllowCrossSiteJson] public ActionResult YourMethod() { return Json("Works better?"); } using System; using System.Web.Http.Filters; public class AllowCrossSiteJsonAttribute : ActionFilterAttribute { public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { if (actionExecutedContext.Response != null) actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*"); base.OnActionExecuted(actionExecutedContext); } } [AllowCrossSiteJson] public class ValuesController : ApiController { [AllowCrossSiteJson] public IEnumerable<PartViewModel> Get() { ... } IE <= 9 doesn't support CORS. I've written a javascript that will automatically route those requests through a proxy. It's all 100% transparent (you just have to include my proxy and the script).
Download it using nuget corsproxy and follow the included instructions.
Blog post | Source code
66
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
